LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-12-2005, 03:17 AM   #1
chandru.in
Member
 
Registered: Jun 2005
Location: Bangalore, India
Distribution: Kubuntu 7.10
Posts: 165

Rep: Reputation: 30
Allow weak password


Hi,

I'm a normal user on a linux system. How can I set a weak password for myself??

I know it is insecure, but I don't mind.
 
Old 08-12-2005, 03:48 AM   #2
questionasker
Member
 
Registered: Aug 2003
Location: North Carolina, USA
Distribution: Onebase 2004-r2 | Updated through 6-10-04
Posts: 359

Rep: Reputation: 30
you should be able to set one, simply by re-entering it at teh prompt screen...
 
Old 08-12-2005, 03:56 AM   #3
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Rep: Reputation: 49
If you have SSH, FTP or anything else you SHOULD mind. Weak passwords are one big reason why evil-doers succeed in their life style.
 
Old 08-12-2005, 04:42 AM   #4
SlackerLX
Senior Member
 
Registered: Dec 2004
Location: Herzliyya, Israel
Distribution: SuSE 10.1; Testing Distros
Posts: 1,834

Rep: Reputation: 47
you could remove SSH loading from rc and this will lessen the risk but still even if you don't mind that someone gets inside your box uninvitedly and even if you say to yourself "I don't mind! I have nothing of importance on it!" It will still slow it to verrrrrry sluggish performance
 
Old 08-12-2005, 04:52 AM   #5
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Rep: Reputation: 49
Quote:
Originally posted by SlackerLX
you could remove SSH loading from rc and this will lessen the risk but still even if you don't mind that someone gets inside your box uninvitedly and even if you say to yourself "I don't mind! I have nothing of importance on it!" It will still slow it to verrrrrry sluggish performance
Or it will be used as a zombie. That's even worse IMHO since it will affect more people than just him.
 
Old 08-12-2005, 05:00 AM   #6
SlackerLX
Senior Member
 
Registered: Dec 2004
Location: Herzliyya, Israel
Distribution: SuSE 10.1; Testing Distros
Posts: 1,834

Rep: Reputation: 47
Anyway, see it youself to your desire. But before setting weak password I'd recommend to read some material. "Hacker's handbook" for example. Then you'll understand the pityfull meaning of weak pass
 
Old 08-12-2005, 06:11 AM   #7
Ephracis
Senior Member
 
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Rep: Reputation: 49
Yes! The prevention for weak passwords are there for a very good reason. As long as you can decrypt the password with johntheripper within a few days you should use something else.

The book "Hacking: The Art of Exploitation" has a chapter about exploiting and cracking password hashes. It is faily easy. Also, the length of the password makes a big different. Just adding one or two extra characters will multiply cracking time enormously.

Good password practise is a good thing, and it is not that hard to keep the password in the head.

If you just WANT to use a weak password then do it for the regular user, but NOT with root. Please!
 
Old 08-12-2005, 08:54 AM   #8
int0x80
Member
 
Registered: Sep 2002
Location: Cincinnati
Distribution: Debian GNU/Linux
Posts: 310

Rep: Reputation: 31
Re: Allow weak password

Quote:
Originally posted by chandru.in

I'm a normal user on a linux system. How can I set a weak password for myself??
Being a normal user, you may have trouble setting a weak password if PAM is already configured to prevent you from doing so. You can check your common-password file for the current password requirements. I'm not certain where it is located on Slack 10.1, but in Debian it is at /etc/pam.d/common-password. The contents of mine are below:
Code:
bash$ grep -v '#' /etc/pam.d/common-password
password required   pam_cracklib.so retry=3 minlen=6 difok=3
password required   pam_unix.so use_authtok md5
Mine is set up to be a bit more stringent using libpam-cracklib. A more average entry would be the following:
Code:
bash$ grep -v '#' /etc/pam.d/common-password
password   required   pam_unix.so nullok obscure min=4 max=8 md5
You can read more about PAM in the PAM documentation [kernel.org] and even here on LQ [linuxquestions.org]
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
weak ssl ciphers in webmin hari_seldon99 Linux - Security 2 12-04-2004 07:33 AM
Distro for Weak Comp, User sarboras Linux - Distributions 6 04-26-2004 11:00 PM
Slackware getting weak? CryptDragoon Slackware 9 02-05-2004 06:39 PM
GUI for weak box? Pluto101 Linux - Software 14 08-18-2003 09:31 PM
Allowing weak passwords? Passive Linux - General 2 10-24-2002 07:12 AM


All times are GMT -5. The time now is 08:31 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration